Security Scan Report¶

Generated: February 17, 2026 01:31:18 UTC

🔒 Security Overview¶

Tool	Type	Status	Findings
Bandit	SAST	✅ Active	3
Semgrep	SAST	✅ Active	2
pip-audit	Dependency	✅ Active	0
Trivy	Container	✅ Active	779
Grype	Container	✅ Active	533

Summary: 0 High | 0 Medium | 3 Low

hardcoded_password_string (LOW)
File: ./api.py line 56
Possible hardcoded password: 'change-this-to-a-secure-random-key-in-production'
assert_used (LOW)
File: ./api.py line 569
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
assert_used (LOW)
File: ./api.py line 710
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.

Summary: 2 High | 0 Medium | 0 Low

python.flask.security.injection.nan-injection.nan-injection (ERROR)
Found user input going directly into typecast for bool(), float(), or complex(). This allows an attacker to inject Python's not-a-number (NaN) into the typecast. This results in undefind behavior, particularly when doing comparisons. Either cast to a different type, or add a guard checking for all capitalizations of the string 'nan'.
python.flask.security.injection.nan-injection.nan-injection (ERROR)
Found user input going directly into typecast for bool(), float(), or complex(). This allows an attacker to inject Python's not-a-number (NaN) into the typecast. This results in undefind behavior, particularly when doing comparisons. Either cast to a different type, or add a guard checking for all capitalizations of the string 'nan'.

Summary: 0 Critical | 59 High | 198 Medium

Summary: 0 Critical | 27 High | 83 Medium

This report is auto-generated from CI/CD pipeline execution. Generated by tools/generate_reports.py.